Film-Tech Cinema Systems
Film-Tech Forum ARCHIVE


  

   
Author Topic: Windows 2000 - "svchost.exe" error message
Mike Blakesley
Film God

Posts: 12767
From: Forsyth, Montana
Registered: Jun 99


 - posted 09-09-2003 11:13 AM
Recently my home computer has been popping up an error message that says:

"svchost.exe has generated error messages and needs to close. An error log is being generated."

This message will come up seemingly at random. Sometimes I'll work for hours without seeing it, then other times it'll come up after 15 minutes or so.

When I click "OK" on the error message to continue, everything appears to be fine, but then certain things won't work anymore: I can't cut'n'paste, Excel won't open without generating immediate error messages, Outlook "can't find" Word to do e-mails, and if I click Send/Receive I just get a box saying "The operation failed". It's not just screwing up MS programs either -- it also makes it so I can't drag items in PageMaker, for example.

The only way to fix everything is to reboot, and then all is well until the damn thing pops up again.

I have tried looking for that "blaster" worm because this all started when that thing was coming out, but my system doesn't have that. Have also looked on a few Windows forums and the Symantec website but none had an answer that works.

I'm running Windows 2000 and recently installed SP4. Machine has plenty of hard drive space and plenty of memory. Any info or ideas would be greatly appreciated.

 |  IP: Logged

Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 09-09-2003 11:45 AM
This has something to do with Service Pack 4. This is why all Microsoft Operating Systems are seriously inferior to oh, an ant colony or something (granted they are both full of bugs).

I've seen this happen on mine and can't even remember what the process I used to stop it was. I just remember it was in the SP4 files. SP4 seems to have a TON of security holes, I've noticed. Ahhh, but people gotta have their Microsoft. I used to love Windows 2000 but now I am beginning to hate it.

 |  IP: Logged

David Stambaugh
Film God

Posts: 4021
From: Eugene, Oregon
Registered: Jan 2002


 - posted 09-09-2003 01:34 PM
This may be a worm. See this thread: w32.welchia.worm. It's a long thread, but there's a lot of information in it. The issue they describe sounds pretty similar to the problem you're having.

 |  IP: Logged

Paul G. Thompson
The Weenie Man

Posts: 4718
From: Mount Vernon WA USA
Registered: Nov 2000


 - posted 09-09-2003 01:46 PM
Mike, that exe file is a legit file. It is found in WINNT/system32 directory, it is an 8kb application file. What it does, I don't know....but with a rash of virus programs out, you might have one that is screwing with it that somehow was not detected by an anti-virus program.

 |  IP: Logged

Mike Blakesley
Film God

Posts: 12767
From: Forsyth, Montana
Registered: Jun 99


 - posted 09-09-2003 02:02 PM
Joe - I know you will hate me for telling you this, but it was doing it BEFORE I installed SP4. (Installing SP4 was one of the "fixes" I tried.)

 |  IP: Logged

Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 09-09-2003 02:53 PM
Mike- That's interesting because it didn't do it for me until AFTER I installed SP4. Crazy! Everything would be just fine and dandy if people would stop creating viruses and worms. Why people want into other people's computers so much is beyond me. I certainly don't keep credit or vital personal info on there. What else can they do? Look to see if I have any downloaded porn? Check to see what sites I have bookmarked? Check to see what version of Photoshop is installed? Whoopee!! People are crazy.

 |  IP: Logged

Chris Hipp
Phenomenal Film Handler

Posts: 1462
From: Mesquite, Tx (east of Dallas)
Registered: Jul 2003


 - posted 09-09-2003 10:07 PM
I was getting this error in Win2k. After I got the error I couldn't load Java or even look at my files on the computer. It is one of those worms, I don't know which one. I just downloaded and installed the patch from the Microsoft page and the problem went away.

 |  IP: Logged

Dave Macaulay
Film God

Posts: 2321
From: Toronto, Canada
Registered: Apr 2001


 - posted 09-09-2003 10:43 PM
People want into other folks' computers for 2 reasons - primarily for attacks against 3rd parties, and increasingly by professionals to send spam.
When the RIAA website or CNN get shut down by "hackers" you are seeing the result of the attack mode. Someone who controls a few hundred or thousand computers, preferably on at least a cable internet connection, tells them all to send internet traffic at a furious rate to one site simultaneously. I use an IRC network that is regularly attacked this way; it was almost shut down last year by these DDOS (distributed denial of service) attacks. Each of about 30 servers around the world was continuously flooded with hundreds of megabytes per second of spurious packets. Generally IRC is a "charity" provided by the host ISP who dislikes suddenly paying high backbone bandwidth fees and having his paying customers knocked offline... so most of the servers were disconnected. The attacks are impossible to block (so far) and effectively untraceable.
Spam senders like to use your computer to send their crap because it avoids a lot of problems. Using any ISP to send massive spam loads brings repercussions - a lot of the internet uses blacklists that start blocking all mail from the ISP, complaints flood in, and the guy's account gets closed. Sending it via "owned" systems sends all the complaints to the hacked system ISPs and the total volume per ISP probably isn't enough to trigger the blacklisting. The result is that the spammer doesn't have to get a new ISP every few days and the spam mail isn't blocked as effectively, good things for his business.
Keep an eye on your modem lights; if there's a lot of action when you're not doing anything, get suspicious. Try a utility like DUmeter that logs your up and download usage; most internet use favours downloading, so if you have a huge total upload showing, you may be infected.

Practice safe computing, this is the most important thing. Don't use the preview pane in Outlook or Outlook Express, only open emails you're fairly sure of.
Install updates.

Use antivirus software and update it. This is NOT failsafe. A well crafted computer virus using an unknown new exploit can infect most susceptible computers in the world - millions and millions - within a few minutes... hours or days before an update could be available to block it. The "code red" virus was defective in such a way that it only attacked a small subset of the internet, but every susceptible computer in that subset was infected within about 5 minutes of release. The internet in general was almost shut down by the traffic load as all those computers began their task of scanning for more systems to infect. Theoretically if it had been properly designed to randomly scan the whole address space of the internet, every susceptible computer in the world would have been infected within about 10 minutes... and the virus writers will probably not make the next one defective.

 |  IP: Logged
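
The usage-log check described in the post above, as an added example that is not part of the original thread: it flags hours where upload outweighs download, or where there is heavy traffic while nobody is at the machine. The CSV layout, the `idle` column and both thresholds are assumptions made for this sketch, not the export format of DUmeter or any other tool.

```python
import csv
import io

# Constructed sample in the style of a bandwidth-meter export. The column
# names and figures are made up; "idle" marks hours nobody used the machine.
SAMPLE_LOG = """hour,bytes_up,bytes_down,idle
2003-09-08 19:00,310000,4200000,no
2003-09-08 20:00,450000,6100000,no
2003-09-08 21:00,120000,900000,no
2003-09-09 02:00,58000000,1400000,yes
2003-09-09 03:00,61000000,1500000,yes
2003-09-09 04:00,20000,35000,yes
2003-09-09 05:00,200000,9000000,yes
"""

MIN_BYTES = 1_000_000  # assumed floor: ignore hours with only background chatter
UP_RATIO = 2.0         # assumed threshold: upload more than twice the download


def parse_usage(text):
    """Return (hour, up, down, idle) tuples from the CSV text."""
    return [(r["hour"], int(r["bytes_up"]), int(r["bytes_down"]),
             r["idle"].strip().lower() == "yes")
            for r in csv.DictReader(io.StringIO(text))]


def suspicious_hours(rows, min_bytes=MIN_BYTES, ratio=UP_RATIO):
    """Flag hours that are upload-heavy, or busy while the machine sat idle."""
    flagged = []
    for hour, up, down, idle in rows:
        reasons = []
        if up >= min_bytes and up > ratio * down:
            reasons.append("upload-heavy")
        if idle and up + down >= min_bytes:
            reasons.append("traffic while idle")
        if reasons:
            flagged.append((hour, reasons))
    return flagged


def total_ratio(rows):
    """Upload/download ratio over the whole log (inf if nothing was downloaded)."""
    up = sum(r[1] for r in rows)
    down = sum(r[2] for r in rows)
    return up / down if down else float("inf")


if __name__ == "__main__":
    usage = parse_usage(SAMPLE_LOG)
    for hour, reasons in suspicious_hours(usage):
        print(hour, ", ".join(reasons))
    print("overall up/down ratio: %.2f" % total_ratio(usage))
```

An hour flagged only as "traffic while idle" (05:00 in the sample) can be a legitimate scheduled download; the upload-heavy idle hours are the ones that match the pattern the post warns about.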

Joe Redifer
You need a beating today

Posts: 12859
From: Denver, Colorado
Registered: May 99


 - posted 09-10-2003 01:50 AM
So how is it the RIAA can track down a user so easily to sue them, but tracking where viruses/worms originate is such a chore? I understand the differences of the tasks, but you'd think the FBI would be a little smarter at the whole computer thing.

I guess the best thing is to get a Mac or a good firewall. But it's only time before they crack through the firewalls somehow. Maybe a disgruntled employee at the software company who makes the firewall knows of a "back door" no matter how it is configured. Maybe he even put that back door in himself and only he knows about it. You never know.

 |  IP: Logged

Leo Enticknap
Film God

Posts: 7474
From: Loma Linda, CA
Registered: Jul 2000


 - posted 09-10-2003 04:33 AM
quote:
Practice safe computing, this is the most important thing. Don't use the preview pane in Outlook or Outlook Express...
Personally I'd go further and say don't use Outlook or OE full stop. For security I prefer Eudora because of the 'Disable executable HTML in messages' option. Graphics and text formatting commands will work, but nothing else will.

quote:
...only open emails you're fairly sure of.
Install updates. Use antivirus software and update it.

And use a firewall. People are now getting used to the concept of not clicking on suspicious attachments and of updating antivirus software... but not of updating operating systems, which was why the Blaster virus spread as widely as it did. Because you didn't need to click on anything to trigger the virus, and antivirus software only scans specific files when asked to, this one got through. Even a free firewall such as the basic version of Zone Alarm would have stopped it, and in my case it stopped several hundred infection attempts.

If you use W2K or WXP professional, another security trick is to create two user IDs: one with restricted status, which you use to do all your routine work, and one with administrator status, which you only log on to when you need to install software or change system settings. If a malicious program attempts to change registry settings or alter system files when logged on to a restricted account, then Windows will deny access and prevent at least some of the functions of the virus from operating.

A friend of mine took this principle even further and set up a dual boot partition. One partition has Windows, and the other has Linux which he only uses for Internet access.

 |  IP: Logged

Dave Macaulay
Film God

Posts: 2321
From: Toronto, Canada
Registered: Apr 2001


 - posted 09-10-2003 07:33 AM
Joe - it isn't spectacularly hard to identify filesharers. You have to know their IP# - the nature of filesharing systems like Kazaa makes that easy. Then you have to convince their ISP to hand over the identity of the user who was on that IP# at that time. The RIAA is having mixed success at this but gets at least some names as can be seen from the recent stories of RIAA actions.
A DDOS attack involves hundreds or thousands of different computers sending you floods of many different types of TCP/IP, ICMP, and UDP packets, some or all with the originating IP address spoofed. Blocking the malicious traffic while allowing your customers' traffic through is effectively impossible - no static policy is effective and analyzing the packets uses too much computer power to be practical during a major attack. Tracking down the senders is possible, but tracing a spoofed IP address is tedious and unreliable.
Even once you know the IP# of an infected system it isn't too useful. I've logged virus scans from many infected systems on my ISP, and then emailed the ISP about it including my access logs. Some have stopped, but several have continued to attempt hundreds of times a day to get into my system. The pattern suggests that the ISP is doing nothing; some users notice and get the virus removed, and some don't.
Even then, you haven't found the source of the attack, only the computers controlled by that person.

 |  IP: Logged

Andrew Lee
Film Handler

Posts: 99
From: Oakville, Ontario, Canada
Registered: Jun 2002


 - posted 09-11-2003 01:30 PM
Joe....Dave....why are the two of you in the AV industry when you could be obviously making scads of money in the computer industry? Dave is it true you were one of the first ever computer science grads in Canada.....early seventies I believe.

 |  IP: Logged

Mike Blakesley
Film God

Posts: 12767
From: Forsyth, Montana
Registered: Jun 99


 - posted 09-13-2003 10:35 PM
I think my problem was that welchia worm. I went to the link posted (above) by David Stambaugh, found the link for the patch from Microsoft and so far so good.

Thanks for the input and help.

 |  IP: Logged



All times are Central (GMT -6:00)  

© 1999-2020 Film-Tech Cinema Systems, LLC. All rights reserved.